CVE-2023-47251: Vulnerability Lab

In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, a Directory Traversal in the print function of the VNC service allows authenticated attackers (with access to a VNC session) to automatically transfer malicious PDF documents by moving them into the .spool directory, and then sending a signal to the VNC service, which automatically transfers them to the connected VNC client’s filesystem.


SEC Consult operates the Vulnerability Lab as its own internal security laboratory to maintain an international know-how advantage over attackers in the areas of network and application security. The lab also supports high-quality penetration tests and the evaluation of new technologies, and it is at the service of our customers, who receive the latest information about security gaps and sound assessments of the risk profile of new technologies.

Our Vulnerability Lab follows a Responsible Disclosure Policy which aims to provide vendors with the necessary information and timeframe needed to validate and fix a security flaw in order to mutually coordinate the public release of a security advisory as part of our responsible disclosure process. This document also clarifies the extent and limitation of effort the SEC Consult Vulnerability Lab will invest. It can be found here.

Here you find all our studies and whitepapers.

You can reach our Vulnerability Lab through security-research(at)sec-consult.com. The PGP key with fingerprint F9A9D4AF3DC2D298835090252D2DD7B5C6EE883F can be downloaded here.


Related news

m-privacy TightGate-Pro Code Execution / Insecure Permissions

m-privacy TightGate-Pro suffers from code execution, insecure permissions, deletion mitigation, and outdated server vulnerabilities.
